\contentsline {section}{List of Figures}{5}{chapter*.1}
\contentsline {section}{List of Tables}{6}{chapter*.2}
\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}
\contentsline {section}{\numberline {1.1}Background}{1}{section.1.1}
\contentsline {section}{\numberline {1.2}Malware analysis problem}{1}{section.1.2}
\contentsline {section}{\numberline {1.3}Approach}{2}{section.1.3}
\contentsline {section}{\numberline {1.4}Thesis outline}{2}{section.1.4}
\contentsline {chapter}{\numberline {2}Background}{4}{chapter.2}
\contentsline {section}{\numberline {2.1}Growth of malware attacks}{4}{section.2.1}
\contentsline {section}{\numberline {2.2}Malware avoidance technique}{5}{section.2.2}
\contentsline {section}{\numberline {2.3}Malware analysis technique}{6}{section.2.3}
\contentsline {subsection}{\numberline {2.3.1}Dynamic malware analysis}{6}{subsection.2.3.1}
\contentsline {subsection}{\numberline {2.3.2}Static malware analysis}{7}{subsection.2.3.2}
\contentsline {section}{\numberline {2.4}Malware categories}{8}{section.2.4}
\contentsline {subsection}{\numberline {2.4.1}Using VirusTotal to detect the category names}{9}{subsection.2.4.1}
\contentsline {subsection}{\numberline {2.4.2}Using VirusTotal to get the vendor name}{9}{subsection.2.4.2}
\contentsline {section}{\numberline {2.5}Problems with malware naming}{9}{section.2.5}
\contentsline {section}{\numberline {2.6}Malware families used in this paper}{10}{section.2.6}
\contentsline {chapter}{\numberline {3}Related research}{12}{chapter.3}
\contentsline {section}{\numberline {3.1}Flow graph}{12}{section.3.1}
\contentsline {section}{\numberline {3.2}Optimizing decision tree in malware classification system using Genetic Algorithm}{13}{section.3.2}
\contentsline {section}{\numberline {3.3}Conclusion}{14}{section.3.3}
\contentsline {chapter}{\numberline {4}Classification based on malware's meta-data using decision tree approach}{15}{chapter.4}
\contentsline {section}{\numberline {4.1}PE file format\cite {peheaderci}}{15}{section.4.1}
\contentsline {subsection}{\numberline {4.1.1}The PE File Format}{15}{subsection.4.1.1}
\contentsline {subsection}{\numberline {4.1.2}The PE Header}{18}{subsection.4.1.2}
\contentsline {section}{\numberline {4.2}Decision tree\cite {decisiontree}}{23}{section.4.2}
\contentsline {section}{\numberline {4.3}Classification based on malware's meta-data using decision tree approach}{24}{section.4.3}
\contentsline {section}{\numberline {4.4}Conclusion}{25}{section.4.4}
\contentsline {chapter}{\numberline {5}Implementation}{26}{chapter.5}
\contentsline {section}{\numberline {5.1}Environment}{26}{section.5.1}
\contentsline {section}{\numberline {5.2}Overview}{26}{section.5.2}
\contentsline {section}{\numberline {5.3}Classification based on machine learning technique}{28}{section.5.3}
\contentsline {subsection}{\numberline {5.3.1}Meta-data}{28}{subsection.5.3.1}
\contentsline {subsection}{\numberline {5.3.2}Create training data}{29}{subsection.5.3.2}
\contentsline {subsection}{\numberline {5.3.3}Classification}{29}{subsection.5.3.3}
\contentsline {chapter}{\numberline {6}Evaluation}{33}{chapter.6}
\contentsline {section}{\numberline {6.1}Accuracy evaluation}{33}{section.6.1}
\contentsline {section}{\numberline {6.2}Efficiency of classification}{33}{section.6.2}
\contentsline {section}{\numberline {6.3}Efficiency of classification}{35}{section.6.3}
\contentsline {section}{\numberline {6.4}Discussion}{37}{section.6.4}
\contentsline {subsubsection}{Accuracy evaluation}{37}{section*.4}
\contentsline {subsubsection}{Efficiency of classification}{37}{section*.5}
\contentsline {chapter}{\numberline {7}Conclusion}{39}{chapter.7}
\contentsline {section}{\numberline {7.1}Conclusion}{39}{section.7.1}
\contentsline {section}{\numberline {7.2}Future work}{39}{section.7.2}
\contentsline {chapter}{References}{ii}{section*.6}
